$62.3M for eHealth Sask. upgrades not enough, cybersecurity professionals alert
3 min read
eHealth Saskatchewan, which runs the province’s overall health-treatment IT procedure, has been accredited to spend up to $62.3 million on updates, but cybersecurity industry experts caution extra requires to be done in the aftermath of the 2019 ransomware cyberattack that influenced millions of files.
Cupboard a short while ago approved the dollars, to be spent above the next three fiscal a long time, by an purchase in council.
The Crown company states the funds will go toward replacing tools in its data centre, Windows 10 upgrades, investments in protection engineering, and substitution of computer systems and other devices.
In an unattributed assertion, eHealth wrote, “it would not be in the greatest pursuits of the public or the well being technique to give distinct particulars around our protection actions.”
eHealth is dependable for operating, retaining and renewing all computer system units that serve the province’s health-treatment sector, from diagnostics to prescribed drugs to patient records.
In 2019, the agency was hit with a ransomware attack that Saskatchewan’s privateness commissioner identified as a single of the most significant privacy breaches at any time in the province.
On Dec. 20, 2019, a Saskatchewan Wellbeing Authority (SHA) staff opened an infected Microsoft Word document on a private unit whilst the device was currently being charged by USB wire at their workstation.
Opening the doc brought on a Ryuk ransomware attack involving Dec. 20, 2019, and Jan. 5, 2020.
Commissioner Ron Kruzeniski’s damning report in January 2021 discovered the attack allowed criminals to steal tens of millions of files, like extra than 50 % a million containing personalized facts of Saskatchewan people today.
Alec Couros, a cybersecurity pro and professor of instructional technological know-how and media at the University of Regina, said software program and hardware upgrades are crucial, but that the updates on their individual would not be able to stop a cyberattack like the 2019 one.
He said employees require to be properly trained on how to not allow attackers get into their computers, noting quite a few cyber incidents require a human component.
“Except if you will find critical dollars put into human instruction, none of which is going to be worthwhile in the lengthy run,” he said.
Couros claimed some education will have to be a prerequisite for employees getting obtain to the units that have the most susceptible information.
“Earning confident that staff are conscious of all of these distinct factors and distinct schemes and tricks is really significant,” he stated.
Regina-dependent cybersecurity skilled Brennan Schmidt said there desires to be greater monitoring.
“When we’re conversing about resourcing, we are also speaking about persons, which is to say eyes on glass, earning certain that any sort of routines are getting monitored 24/7,” he mentioned.
He additional that every person that has access to the health and fitness program, which include individuals, really should be “active participants in protecting the confidentiality, integrity and availability of their details.”
Schmidt said the provincial authorities needs to assume about cybersecurity in all sectors, which includes well being and education and learning, and has been advocating for the establishment of an advisory panel on important infrastructure and cybersecurity.
The privateness commissioner’s evaluate also uncovered numerous techniques eHealth, the SHA and the Ministry of Wellness failed to sufficiently guard the non-public facts of Saskatchewan citizens.
CBC Information received a briefing take note from October 2020, penned by eHealth for Saskatchewan’s minister of wellness, warning that eHealth has been underfunded for several years and was at escalating possibility of failure. eHealth stated $150 million was needed above the next three several years to update out-of-date and failing equipment.
The 2020-21 provincial spending plan earmarked $7.4 million for eHealth to assistance safety upgrades, maintenance and licensing, alongside with $15.3 million the up coming calendar year for operations including protection. This year’s funds guarantees a $9.8-million enhance for eHealth, bringing its whole running spending plan of $135.6 million.
